Leonard Rosenthol wrote:
> BUT a browser/UA is allowed to instantiate AY content that it believes complies with the provided security model, correct?
>
> So Safari, if it believes that their built-in PDF support is "sandbox safe" could display such document on the Mac even though on Windows the same browser would not do so. OR for that matter, what about a UA which relies on a plugin for SVG? Are they to not allow embedded SVG in a sandbox simply because they have to use a plugin to implement it?
>
> My point isn't to try to avoid the sandbox - I fully support the idea. HOWEVER, I believe that "plugins" are being singled out inappropriately and that the correct solution is a more well thought out definition of what exactly we are trying to achieve.
>
> Leonard
> ...
Looking into this I just realized that, to begin with, we may have to
fix the definition of plugin. It used to be non-critical, but now it's
referred to for iframe/@sandbox it is.
From <http://dev.w3.org/html5/spec/Overview.html#plugins>:
"The term plugin is used to mean any content handler for Web content
types that are either not supported by the user agent natively or that
do not expose a DOM, which supports rendering the content as part of the
user agent's interface."
- "Web content type" appears to be undefined. Is it just a media type?
- "do not expose a DOM": that seems to the content handler for JPGs a
plugin, right?
Best regards, Julian